Senior Security Engineer, Governance, Risk and Compliance

🇻🇳 Ho Chi Minh City, Ho Chi Minh
$1K - $2K Annual
Posted 4 days ago
Expires August 29, 2026

We are operating at the fast-moving frontier of the crypto ecosystem, where trust, speed, and ironclad security are paramount to our success. We aren't looking for a passive bureaucrat or a traditional checklist-checker. We need a sharp, highly autonomous Senior Engineer, GRC, who genuinely loves the details, anticipates gaps before dashboards turn red, and possesses the human judgment to steer modern, tech-forward security frameworks. If you thrive in high-stakes environments and know how to balance real risk mitigation against empty paperwork, you’ll fit right in.

What you'll be doing:

- Compliance lifecycle: Maintain ISO 27001 certification, prepare for SOC 2 Type 1 and 2, manage auditor relationships, and own evidence collection in Vanta. You know what's slipping before the dashboard turns red, and can forecast certification timelines confidently.

- Vulnerability management (as a program): Own the SLA layer — weekly dashboard, breach escalation, exception tracking, and monthly leadership view. Engineers fix the bugs; you ensure they fix them on time.

- Policy lifecycle: Annual reviews, new policies as scope expands, training rollout, attestation tracking, and exception requests. Reviews run through an adversarial AI pipeline today; you'll own the cadence and the human judgment inside it.

- People-ops security controls: Onboarding/offboarding evidence, access reviews, security awareness training, background-check tracking, and permission groups. Partner with HR on the workflow; own the auditable artifact.

- Vendor risk: Vendor inventory, pre-procurement assessments, and annual reassessments.

- Risk program: Maintain the risk register and run quarterly reviews.

- Data protection: DLP policy and tuning, data-classification programs, and PDPA partnership with Legal.

- Business continuity: Own the BCP/DR program — documentation, drills, and post-exercise improvements.

What we're looking for:

- 3–5 years in security or GRC program manag...